8000 duplicate key value violates unique constraint "constraint_offl_cl_ses_pk3" · Issue #39173 · keycloak/keycloak · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content
duplicate key value violates unique constraint "constraint_offl_cl_ses_pk3" #39173
New issue
New issue
Closed
#39344
Closed
duplicate key value violates unique constraint "constraint_offl_cl_ses_pk3"#39173
#39344
Assignees
ahus1
Labels
area/infinispankind/bugCategorizes a PR related to a bugpriority/importantMust be worked on very soonrelease/26.2.4release/26.3.0team/sre
@RadekSalay

Description

@RadekSalay
RadekSalay
opened on Apr 24, 2025

Before reporting an issue

  • I have read and understood the above terms for submitting issues, and I understand that my issue may be closed without action if I do not follow them.

Area

infinispan

Describe the bug

Hi, not very often we find an error in database table app_keycloak.OFFLINE_CLIENT_SESSION.
Full error is
Batch entry 0 insert into app_keycloak.OFFLINE_CLIENT_SESSION (DATA,TIMESTAMP,VERSION,CLIENT_ID,CLIENT_STORAGE_PROVIDER,EXTERNAL_CLIENT_ID,OFFLINE_FLAG,USER_SESSION_ID) values ((.........)) was aborted: ERROR: duplicate key value violates unique constraint "constraint_offl_cl_ses_pk3"

I think the problem is that multiple instances of my Keycloak want to write offline_session to the database. Those who try to write later get an error from the database that such a session already exists. Which instance should write to the database should be controlled by the Infinispan cache. Which works correctly most of the time, because this error is only occasional.

Our Keycloak instances run in AKS. We use dns.DNS_PING for discovery with headless-service.

  - KC_CACHE_STACK=kubernetes
  - KC_CACHE=ispn
  - KEYCLOAK_STATISTICS=db,http,jgroups
  - JGROUPS_DISCOVERY_PROTOCOL=dns.DNS_PING
  - JGROUPS_TRANSPORT_STACK=tcp
  - JGROUPS_DISCOVERY_PROPERTIES=dns_query=keycloak-headless

apiVersion: v1
kind: Service
metadata:
  name: keycloak-headless
spec:
  publishNotReadyAddresses: true
  clusterIP: None
  ports:
    - name: ping
      port: 7800
      targetPort: 7800
      protocol: TCP
  selector:
    app: ew-keycloak

I try adding mode=SYNC and changing the number of owners in cache-ispn.xml for distributed-cache of offlineSessions, but the error still prevails.

In the logs of Jgroup I can see that pods successfully see each other.

Version

26.1.1

Regression

  • The issue is a regression

Expected behavior

Always only one instance of Keycloak will write offline sessions, so there will be no conflict in the database.

Actual behavior

Multiple instances of Keycloak try to write offline_session and only the first one is successful others end with error on duplicate keys.

How to Reproduce?

  • Run Keycloak in AKS cluster with more than one instance.
  • Use DNS_PING for Jgroup discovery.
  • Obtain an offline session.

Anything else?

No response

Metadata

Metadata

Assignees

Labels

area/infinispankind/bugCategorizes a PR related to a bugpriority/importantMust be worked on very soonrelease/26.2.4release/26.3.0team/sre

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions
    0